According to the latest report by blockchain analysis firm Elliptic, 22% or 2.89 BTC of stolen Bitcoins from Twitter scam have been sent to a Wasabi Wallet for laundering.
Elliptic analysis identified a wallet address that the firm strongly believes to “be part” of a Wasabi Wallet.
As earlier reported by ZyCrypto, the Twitter hackers made away with approximately $100,000 worth of BTC and are now using anonymous services to mix up transactions and ward off any tracing attempts by authorities and other third parties.
After their successful scam, the next step for the hackers is to cash out through one or several exchanges. One of their challenges, as Elliptic pointed out, is to circumvent blockchain monitoring tools that Elliptic or exchanges will deploy to trace the source of all Bitcoin transactions on their platforms.
“If our software tells them that the funds originated from the Twitter attack, they are likely to freeze the funds and notify law enforcement.”
Wasabi is a desktop wallet that uses a feature known as ConJoin on the Tor Network which allows multiple addresses to combine their funds from multiple inputs into one large transaction and generate anonymous multiple outputs.
Hackers are Moving Fast, With Elliptic Hot on Their Trail
Elliptic further stated that the hackers are smart to use the Wasabi wallet as it makes it harder for exchanges to trace the source of funds. When done right, the CoinJoin feature makes the blockchain trail of the transactions completely invisible.
However, by using two of Elliptic’s superior tracking tools, the Crypto Transaction Monitoring and the Crypto Wallet Screening, exchanges will be able to screen any funds linked to the addresses identified by Elliptic.
“Now they know that Wasabi Wallets have been used to help launder the proceeds of the twitter attack, they can be on the alert for any customer deposits originating from this source.”
According to another related research update by Larry Cermak, Director of Research at The Block, the hackers started testing the waters by making little deposits on several exchanges.
“As far as I can tell, the twitter hacker has made small (<$20) deposits to four exchanges already. (Coinbase, Binance, BitPay, and CoinPayments). Likely to just test out their reaction. They also already started to move the funds around and started mixing in one instance.”
Hackers Are Relentless
“Over $110K in bitcoin has now been received by addresses posted by compromised Twitter accounts. We are tracking these addresses and working with our customers to ensure these funds cannot be cashed-out or laundered.”
The next key update by Elliptic stated that the hackers had started to distribute funds, ready for mixing.
“The money is on the move-of the $120K in Bitcoin received by the addresses posted by compromised Twitter accounts, $65 has now been transferred to other addresses. We’re watching.”
Apart from Wasabi Wallet, the hackers also mixed some of their funds using ChipMixer. Tom Robinson, the Chief Scientist and Cofounder at Elliptic went as far as to suggest that only one hacker is involved.
“The #TwitterHack bitcoins have just started to move again – some being sent to ChipMixer. Simultaneous movement of funds from two wallets that have received the hacker’s bitcoins suggests they’re still under the control of one person.”
In a detailed report posted by Twitter today on exactly what happened, the social network recognizes that one of their employees was compromised and promised to rebuild trust with its users.
Twitter said “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry”, which settles once and for all, any doubt that this was indeed a Twitter scam and not a Bitcoin scam.